Hi Team,
In one of the ISE deployments we are facing an issue with integrating the node with two AD domains: one has been integrated, but the second one is still in the process of being integrated with the ISE node. The issue is described below:
The ISE nodes (Primary and Secondary) have been deployed in the management network of the primary domain (xyz.com as an example), which is shared by all the network devices across all the companies, and the gateway of the management subnet is configured on the firewall for the organization with the above domain. Both ISE nodes are added to the WLC as RADIUS servers. The domain server configured on both ISE nodes points to the xyz.com DNS server.
The issue is that when the ISE is added to one more domain (abc.com as an example), we get the attached error. Please note that ABC and XYZ (the examples quoted above) are two separate entities of the same group. They have multiple AD domains but use the same WLC controller. The ABC AD is not getting integrated with the main XYZ without configuring a two-way trust, although this scenario is supported by ISE.
The TAC (SR 683511589) has already conveyed that the issue is with the availability of AD services from ISE and has asked us to check the AD logs, check the firewall rules, and fix the reverse DNS issue.
Do we have clear prerequisites specific to DNS records (creating A records, PTR records, SRV records, etc.) for integrating with multiple domains? Not much specific information is available in the configuration guide on multiple-domain integration.
Kindly help.